Home

Description

Permissions where checked incorrectly during room creation, allowing attackers to create rooms of types they shouldn't be allowed to create.

PUBLISHED Reserved 2026-06-25 | Published 2026-06-25 | Updated 2026-06-25 | Assigner rami.io




LOW: 2.3CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N

Problem types

CWE-639 Authorization bypass through User-Controlled key

Product status

Default status
unaffected

0.0.0 (git) before 0a35457f
affected

Credits

Rokkam Vamshi finder

References

github.com/...ueless/security/advisories/GHSA-hj6j-wpgc-qrp5

cve.org (CVE-2026-13350)

nvd.nist.gov (CVE-2026-13350)

Download JSON